Robbery in an amateurish way or about how Yandex stores passwords
![](https://habrastorage.org/getpro/habr/post_images/e04/d5c/e5c/e04d5ce5c337f500e18b1fc240a87e94.jpg)
Topic prepared by jeditobe, published by me, as the author does not have enough karma. This is his first post.
1. Go to Yandex.Mail, then click on the “settings” and “type of mail” links.
![](https://habrastorage.org/getpro/habr/post_images/c33/87d/a03/c3387da03c2fe4b7ceda64fb0760bd5a.png)
2. We select the "classical" interface.
![](https://habrastorage.org/getpro/habr/post_images/e60/60c/e3b/e6060ce3b720ea035086d5713fb014f9.png)
3. Click on the “settings” and “mail collection” links.
![](https://habrastorage.org/getpro/habr/post_images/2e0/591/254/2e05912542095fa1c57d8cbc765c8ad5.png)
4. We arrive at the page with a list of all the mailboxes that the collector monitors.
![](https://habrastorage.org/getpro/habr/post_images/6bd/5a4/f9f/6bd5a4f9fff686b3c3ae04bf44d1419e.png)
5. We select any entry of interest by clicking on the corresponding link, and a pop-up window with its settings opens.
![](https://habrastorage.org/getpro/habr/post_images/e48/2dc/3fe/e482dc3fed0fd63d421d60a207a6fab6.png)
6. We look at the source code of the pop-up window's contents and, among its few lines, find some very interesting ones.
![](https://habrastorage.org/getpro/habr/post_images/483/3d0/215/4833d021509ee0888bb49aa48ea5315a.png)
Yandex uses the http:// protocol for these pages, which allows logins and passwords to be intercepted in network traffic.
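A check a developer could run against their own settings pages for the two problems described above, as an added example that is not part of the original post. It assumes the "interesting" lines are form fields carrying the stored credentials; the sample markup, field names and URL are constructed and do not reproduce Yandex's page.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Name fragments that suggest a field carries a secret (assumed heuristic).
SECRET_HINTS = ("pass", "pwd", "secret", "token")


class SecretFieldAuditor(HTMLParser):
    """Collects <input> fields that arrive with a secret already filled in."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        ftype = a.get("type", "text").lower()
        name = a.get("name", "")
        looks_secret = ftype == "password" or any(h in name.lower() for h in SECRET_HINTS)
        if looks_secret and a.get("value", "").strip():
            # Report the field, never the value itself.
            self.findings.append(f"prefilled secret in <input name={name!r} type={ftype!r}>")


def audit_page(url, html):
    """Return a list of findings for one fetched settings page."""
    findings = []
    if urlsplit(url).scheme.lower() != "https":
        findings.append("page served without TLS: form contents visible on the network")
    parser = SecretFieldAuditor()
    parser.feed(html)
    parser.close()
    return findings + parser.findings


# Constructed sample: a collector settings pop-up (hypothetical markup and URL).
SAMPLE_URL = "http://mail.example/collector/edit?id=1"
SAMPLE_HTML = """
<form method="post">
  <input type="text" name="login" value="user@other.example">
  <input type="password" name="passwd" value="constructed-sample-value">
  <input type="hidden" name="server" value="pop.other.example">
  <input type="password" name="new_passwd" value="">
</form>
"""

if __name__ == "__main__":
    for finding in audit_page(SAMPLE_URL, SAMPLE_HTML):
        print(finding)
```

A clean result needs both conditions fixed: the page served over https and the secret field rendered empty, with the server keeping the stored value unless a new one is submitted.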
UPD: Moved to the Information Security blog.
UPD2: Yandex employee response